I'm not good at security stuff, but is a hardcoded password not much worse than any string written to some kind of config database but that is different for every program installation or system user?
It’s about the same, as anyone would be able to read the generated password from the config database (since where to store it would still be hardcoded in the binary).